INDEX 1. 2. 3. 4. 5. 6. 7. Introduction Computer Security 2.1. Confidentiality 2.2. Integrity 2.3. Availability 2.4. Authenticity 2.5. Accountability 2.6. Security Attacks 2.6.1. Security Attack 2.6.2. Security Mechanisms 2.6.3. Security Service Security Attacks 3.1. Passive Attacks 3.2. Active Attacks Model for Network Security Utilization of One Time Pad Encryption Algorithm 5.1. Difficulties 5.2. Flowchart 5.3. Example 5.4. Advantages 5.5. Disadvantages Blowfish Encryption Algorithm 6.1. Feisal Network 6.2. Steps 6.3. Example Products that use blowfish Conclusion References Introduction When most people think of security, they think of CONFIDENTIALITY. Confidentiality means that your data is kept secret from unintended Listeners or eavesdroppers.in network the kind of active and passive attack which harm our network communication and data we must need to take care of it, to prevent unauthorised access to the data and increase the data integrity we can use encryption techniques which will help us to secure our data over the network. we have various kind of encryption algorithm which is applied to data to secure it some of them are described in this document, such as ONE TIME PAD encryption or BLOWFISH algorithm. lurking danger. But the hard reality is that internet is not secure today to send sensitive information. data integrity and security getting a major thing When most people think of security, they think of Confidentiality, means that your data is kept secret from unintended Listeners or Eavesdroppers . Eavesdroppers who retrieve your data from the network and make an unpleasant activity to your data, they use various types of attacks on networks passive attacks such as Traffic analysis and release of message content and active attacks such as Masquerade, Modification of Message, Message Insertion Attack, The denial of service. Because of the eavesdroppers attacks Vulnerabilities and Incidents on the network are growing up day by day. To prevent this situation from unauthenticated data handling on network we can pass encrypted data to the network, encrypted data is the data where the original data hidden inside it and generated by a key, according to the encryption algorithm data is encrypted and sent over the network to increase the data security, this mechanism is known as cryptography where data is hidden from an eavesdroppers. We can use various data encryption algorithms to encrypt the data such as DES (Data Encryption Standard), Blowfish, TwoFish, ThreeFish, One Time Pad, RC4 (ARCFOUR), RC5, 3DES (Triple Data Encryption Standard), Diamond2, RSA (Rivets Shamir Adleman), MD5 (Message Digest), SHA-1(Secure Hash Algorithm - 1), SHA-256, Rijndael Encryption Algorithms. We will discuss about One Time Pad Encryption and blowfish Encryption algorithm to describe the way of encryption and decrypting the data. Keywords Cipher Text, Encryption, Decryption, Active Attack, Passive Attack, Blowfish, One Time Pad. Conclusion We found that in network which data is passed is must be secure , there are various types of attacks performed by an eavesdroppers to protect against them is to be secure for that we should have to use any of the secure encryption algorithm to protect our data against eavesdroppers, for increasing security and data integrity. References [1] [2] [3] [4] [5] [6] [7] Abstract [8] Undoubtedly the internet has been one of the greatest achievements of a new age technologies. It has completely change the way we live and work. However, with the immense growth of the internet, there lies a [9] [10] [11] https://www.ietf.org/rfc/rfc3552.txt 1-4-2014 http://www.iab.org/activities/programs/security/ 1-4-2014 http://www.iab.org/activities/workshops/strint/ 1-4-2014 William Stallings “Cryptography and Network Security” ISBN 10: 0-13-609704-9 ISBN 13: 978-0-13-609704-4 12-21-2013 The Three Tenents of Cyber Security. U.S. Air Force Software Protection Initiative. 1-5-2014 Adam She ,Ramat Gan (IL) “System and method for synchronizing ONE TIME PAD encryption keys for secure communication and access control” 12-17-2013 Gunjan Gupta, Rama Chawla “Review on Encryption Ciphers of Cryptography in Network Security” 12-17-2013 Bruce Schneier “The Blowfish Encryption Algorithm” 12-212013 “Blowfish encryption sub-key generation” 12-21-2013 Bruce Schneier “Products that Use Blowfish” 1-5-2014 Bruce Schneier, “Applied Cryptography,” John Wiley & Sons, New York, 1994. 1-5-2014 ISBN: not available

Network Security, Blowfish and One Time Pad Encryption Algorithms Rahul V. Khanvani Department of Computer Science Saurashtra University - Rajkot BinaryBuzz.Wordpress.com Khanvani@gmail.com Abstract— undoubtedly the internet has been one of the greatest achievements of a new age technologies. It has completely change the way we live and work. However, with the immense growth of the internet, there lies a lurking danger. But the hard reality is that internet is not secure today to send sensitive information. data integrity and security getting a major thing When most people think of security, they think of Confidentiality, means that your data is kept secret from unintended Listeners or Eavesdroppers . Eavesdroppers who retrieve your data from the network and make an unpleasant activity to your data, they use various types of attacks on networks passive attacks such as Traffic analysis and release of message content and active attacks such as Masquerade, Modification of Message, Message Insertion Attack, The denial of service. Because of the eavesdroppers attacks Vulnerabilities and Incidents on the network are growing up day by day. To prevent this situation from unauthenticated data handling on network we can pass encrypted data to the network, encrypted data is the data where the original data hidden inside it and generated by a key, according to the encryption algorithm data is encrypted and sent over the network to increase the data security, this mechanism is known as cryptography where data is hidden from an eavesdroppers. We can use various data encryption algorithms to encrypt the data such as DES (Data Encryption Standard), Blowfish, TwoFish, ThreeFish, One Time Pad, RC4 (ARCFOUR), RC5, 3DES (Triple Data Encryption Standard), Diamond2, RSA (Rivets Shamir Adleman), MD5 (Message Digest), SHA-1(Secure Hash Algorithm - 1), SHA-256, Rijndael Encryption Algorithms. We will discuss about One Time Pad Encryption and blowfish Encryption algorithm to describe the way of encryption and decrypting the data. Keywords— Cipher Text, Encryption, Decryption, Active Attack, Passive Attack, Blowfish, One Time Pad. I. INTRODUCTION When most people think of security, they think of CONFIDENTIALITY. Confidentiality means that your data is kept secret from unintended Listeners. Usually, these listeners are simply eavesdroppers. In 1994, the IAB issued a report entitled “Security in the Internet Architecture" (RFC 1636). The report says that the Internet needs more and better security, and it identified key areas for security. For these we need to secure the network infrastructure from unauthorized monitoring and control of network traffic and the need to secure user-user traffic using authentication and encryption mechanisms (e.g. [4]). The Computer Emergency Response Team (CERT) Coordination Centre (CERT/CC) reports the Incidents and vulnerabilities on network which satisfy the RFC 1636 report. Figure A : Vulnerabilities reported Vulnerability is a weakness which allows an attacker to reduce a system's information assurance.Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. Above figure shows the trend in Internet-related vulnerabilities reported to CERT over a 10-year period. These include security weaknesses in the operating systems of attached computers as well as vulnerabilities in Internet routers and other network devices. Shows the number of security-related incidents reported to CERT. These include modification of message, replay attacks, denial of service, SQL injection, IP spoofing and various types of active and passive attacks.

make use of one or more security mechanisms to provide the service.(e.g. [5]) III. SECURITY ATTACKS Security attacks can be possible of two types in network Active attacks and Passive Attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation. Figure B : Incidents Reported Attacks have become more automated and can cause greater amount of damage according to the report of incidents (e.g. [4]). A. Passive Attacks: Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are the release of message contents and traffic analysis. II. COMPUTER SECURITY To protect the system we need to attaint objectives of preserving the integrity, availability, and confidentiality of system resources includes hardware, software, firmware, information/data, and telecommunications (e.g. [4]). A. Confidentiality: Confidentiality is a set of rules or a promise that limits access or places restrictions on certain types of information. (e.g. [4]) B. Integrity: Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. (e.g. [4]) C. Availability: Ensuring timely and reliable access to use of information. (e.g. [4]) D. Authenticity: being able to be verified and trusted; (e.g. [4]) Figure C : Release of Message Content (e.g. [4]) The release of message contents is easily understood. (Figure c) A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions. (e.g. [4]) E. Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.(e.g. [4]) The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as: 1) Security attack: Any action that compromises the security of information owned by an organization. 2) Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. 3) Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they Figure D : Traffic Analysis (e.g. [4])

A second type of passive attack, traffic analysis, Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place. (e.g. [4]) victim. He could capture the message and replay it, even though he can't read it, causing the transaction to be executed twice (e.g. [1]). Passive attacks are very difficult to detect, because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion, Figure F: Replay (e.g. [4]) and neither the sender nor receiver is aware that a third party has read the messages or observed the traffic pattern. However, it is feasible to prevent the success of these attacks, usually by REPLAY OR MESSAGE INSERTION ATTACK means of encryption. Thus, the emphasis in dealing with involves the passive capture of a data unit and its subsequent passive attacks is on prevention rather than detection. retransmission to produce an unauthorized effect (Figure F.). For example, a denial-of-service attack can be mounted by inserting a series of spurious TCP SYN packets directed B. Active Attacks: A When an attack involves writing data to towards the target host. The target host responds with its own the network, we refer to this as an ACTIVE ATTACK (e.g. SYN and allocates kernel data structures for the new [1]). Active attacks involve some modification of the data connection. The attacker never completes the 3-way stream or the creation of a false stream and can be handshake, so the allocated connection endpoints just sit there subdivided into four categories: masquerade, replay, taking up kernel memory. Typical TCP stack implementations modification of messages, and denial of service. only allow some limited number of connections in this "halfopen" state and when this limit is reached, no more connections can be initiated, even from legitimate hosts. Note that this attack is a blind attack, since the attacker does not need to process the victim's SYNs (e.g. [1]). Figure E : Masquerade (e.g. [4]) A MASQUERADE ATTACK or a REPLAY ATTACK takes place when one entity pretends to be a different entity (Figure e). A MASQUERADE ATTACK usually includes one of the other forms of active attack. In a REPLAY ATTACK, the attacker saves the data sent by the sender and retransmit data after completion of the sender’s request. See at this type of attacks the sender does not need to understand that what kind of or which data is sent by the sender the attacker just retransmit the data what he received. For example, consider the case where an S/MIME message is being used to request some service, such as a credit card purchase or a stock trade. An attacker might wish to have the service executed twice, if only to inconvenience the Figure G: Modification of Message (e.g. [4]) MODIFICATION ATTACK OR CUT-PASTE ATTACK simply means that some portion of a legitimate message is altered, (Figure 1.3c) where the attacker modifies the original data and transmit the altered data to the receiver. Consider the case where the attacker wants to attack an order for goods placed over the Internet. He doesn't have the victim's credit card number so he waits for the victim to place

the order and then replaces the delivery address (and possibly the goods description) with his own. Note that this particular attack is known as a CUT-AND-PASTE attack since the attacker cuts the credit card number out of the original message and pastes it into the new message. (e.g. [1]) Figure H: The denial of service (e.g. [4]) The denial of service prevents or inhibits the normal use or management of communications facilities (Figure H.). This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination. IV. A MODEL FOR NETWORK SECURITY A model for much of what we will be discussing is captured, in very general terms, in (Figure I) message is to be transferred from one party to another across some sort of Internet service. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place. A logical information channel is established by defining a route through the Internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals. Figure I : Model for Network Security (e.g. [4]) Security aspects come into play when it is necessary or desirable to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity, and so on. All the techniques for providing security have two components: A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender. Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception. V. UTILIZATION OF ONE TIME PAD ENCRYPTION ALGORITHM In this section and the next, we examine a sampling of what might be called classical encryption techniques. A study of these techniques enables us to illustrate the basic approaches to symmetric encryption used today and the types of cryptanalytic attacks that must be anticipated. The two basic building blocks of all encryption techniques are substitution and transposition. A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns. One time pad is one of the substitution technique. An Army Signal Corp officer, Joseph Mauborgne, proposed an improvement to the Vernam cipher that yields the ultimate in security. Mauborgne suggested using a random key that is as long as the message, so that the key need not be repeated. In addition, the key is to be used to encrypt and decrypt a single message, and then is discarded. Each new message requires a new key of the same length as the new message. Such a scheme, known as a one-time pad, is unbreakable. It produces random output that bears no statistical relationship to the plaintext. Because the cipher text contains no information whatsoever about the plaintext, there is simply no way to break the code. An example should illustrate our point. Suppose that we are using a Vigenere scheme with 27 characters in which the twenty-seventh character is the space character, but with a one-time key that is as long as the message. Consider the cipher text. Plain Text: Hello World You Can’t Decrypt This Message

We now show two different decryptions using two different keys: Figure J: Encrypting Message with ONE TIME PAD Again Evaluating the Same Encryption Process is needed by both sender and receiver. Thus, a mammoth key distribution problem exists. Because of these difficulties, the one-time pad is of limited utility and is useful primarily for low-bandwidth channels requiring very high security. The one-time pad is the only cryptosystem that exhibits what is referred to as perfect secrecy. Thus I have applied a handshaking approach to one time pad encryption algorithm, practically it is not possible to encrypt and decrypt data with a random key, a random key which is added to the algorithm is not a good way for encryption because a key holder can’t remember this key and he/she must have to save it on particular file and must transfer to network or the receive to decrypt the encrypted data. So, I have implemented the algorithm where a key is not transferred to a network or any other user doesn’t have to worry about key and just transfer data on network. According to algorithm how it work there are simple steps that algorithm illustrates: Sender generates the random bit of keys having equal length as plain text from the device which is known as a chipper key for sender.  Sender perform XOR operations on plain text and chipper key (random bit key generated by sender) where  Figure K: Again Encrypting Same Message with ONE TIME PAD Suppose that a cryptanalyst had managed to find these two PLAIN_TEXT [0] XOR S_RANDOM_BITS [0] = keys. Two plausible plaintexts are produced. How is the S_ENCRYPTED_TEXT [0] cryptanalyst to decide which is the correct decryption (i.e., which is the correct key)? If the actual key were produced in a PLAIN_TEXT[N] XOR S_RANDOM_BITS[N] = truly random fashion, then the cryptanalyst cannot say that S_ENCRYPTED_TEXT[N] one of these two keys is more likely than the other. Thus, there is no way to decide which key is correct and therefore which plaintext is correct. So now we have an encrypted text of the same length of the In fact, given any plaintext of equal length to the cipher text, plain text there is a key that produces that plaintext. Therefore, if you did an exhaustive search of all possible keys, you would end  After generating encrypted text sender sends it to the up with many legible plaintexts, with no way of knowing network or to the receiver which the intended plaintext was. Therefore, the code is  Receiver receives the encrypted text and generates its unbreakable. own or new random bit of key which having an equal length of received encrypted text by sender The security of the one-time pad is entirely due to the  After generating random bit of a key by receiver it randomness of the key. performs an XOR operation between received If the stream of characters that constitute the key is truly encrypted text and generated random bits of a key by random, then the stream of characters that constitute the receiver. cipher text will be truly random. Thus, there are no patterns or regularities that a cryptanalyst can use to attack the cipher text. In theory, we need look no further for a cipher. The onetime pad offers complete security but, in practice, has two fundamental difficulties: 1) There is the practical problem of making large quantities of random keys. Any heavily used system might require millions of random characters on a regular basis. Supplying truly random characters in this volume is a significant task. 2) Even more daunting is the problem of key distribution and protection. For every message to be sent, a key of equal length S_ENCRYPTED_TEXT[0] XOR R_RANDOM_BITS[0] = R_ENCRYPTED_TEXT[0] S_ENCRYPTED_TEXT[N] XOR R_RANDOM_BITS[N] = R_ENCRYPTED_TEXT[N] After that receiver sends the encrypted text to sender back  As receiving the encrypted text from receiver sender removes random bits (random bits that generated by 

sender) using performing XOR operation between received encrypted text by receiver and random bits.  This example illustrates this algorithm more efficiently here sender transfers the message “A1” to the receiver the message is translated to binary and encryption process begins with the above mentioned procedure which help us to understand the mechanism of this algorithm. (e.g. [6])  Message “A1” converted to binary and added with random bits of sender after that we will get encrypted text which is transferred to receiver and receiver generates its own random bits and add it to the received encrypted text and again transfer resultant code to the sender as receiving the encrypted code from receiver the sender performs XOR operation to remove the encrypted bits, note that + and – sign indicates the XOR operation between codes. If we perform XOR operation two times to a particular string we will get the original code so I used + and - sign. After – the sender again send the code to receiver and after that receiver removes its own random bits and get the original message. R_ENCRYPTED_TEXT[0] XOR S_RANDOM_BITS[0] = S_DECRYPTED_TEXT[0] R_ENCRYPTED_TEXT[N] XOR S_RANDOM_BITS[N] = S_DECRYPTED_TEXT[N] After generating that encrypted text it is again sent to receiver.  As receiving the code from the sender, the receiver performs the same thing that it removes its own generated random bits of data from the received encrypted message and he/she will get the original message (plain text) what it was sent by the sender.  S_DECRYPTED_TEXT[0] XOR R_RANDOM_BITS[0] = R_DECRYPTED_TEXT[0] S_DECRYPTED_TEXT[N] XOR R_RANDOM_BITS[N] = R_DECRYPTED_TEXT[N] WHERE R_DECRYPTED_TEXT WILL BE ORIGINAL PLAIN TEXT Following flowchart illustrates the mechanism: Figure M : An Example Illustrating the mechanism of ONE TIME PAD Encryption algorithm Figure L : Flowchart shows the mechanism of ONE TIME PAD Encryption algorithm C. Benefits of this algorithm:  Best suitable for small application  Not easy to decrypt the message because data sent to network is encrypted using random bits (e.g. [6]).  No need to remember the key because both keys are on local machines.

Key is not transferred to network so User dose not worry about key  Fast encryption for small messages  Can be implied on binary files  D. Disadvantages of this algorithm:  Key is easily received using packet analysis. But only can decrypted if the receiver knows the mechanism of algorithm.  Not suitable for large files because random bits are generated as the length of the plain text so difficult to store the random bits until the message communication process finished (e.g. [6]).  Long length of message makes processing slower but computer is not faster enough to process and generate the random bits. VI. BLOWFISH ENCRYPTION ALGORITHM Blowfish is a symmetric block cipher encryption algorithm which was designed in 1993 by Bruce Schneier. Blowfish Algorithm is license-free, and is available free for all uses. Blowfish Algorithm is a Feistel Network, iterating a simple encryption function 16 times. The block size is 64 bits, and the key can be any length up to 448 bits. (e.g. [8]) Blowfish is a variable-length key block cipher. It is suitable for applications where the key does not change often, like a communications link. It is faster than most encryption algorithms.  Feistel Networks: A Feistel network is a general method of transforming any function usually called an F-function. It was invented by Horst Feistel and has been used in many block cipher designs. Right half becomes new left half New right half is the final result when the left half is XOR with the result of applying f to the right half and the key.  Note that previous rounds can be derived even if the function f is not invertible.   A. The Blowfish Algorithm:             Figure N: Feistel Networks The working of a Feistal Network is given below:  Split each block into halves(Parts) Manipulates data in large blocks Has a 64-bit block size. Has a scalable key, from 32 bits to at least 256 bits. Uses simple operations that are efficient on microprocessors. e.g., exclusive-or, addition, table lookup, modular- multiplication. It does not use variable-length shifts or bit-wise permutations, or conditional jumps. Employs pre-computable sub-keys. On large-memory systems, these sub-keys can be pre-computed for faster operation. Not precomputing the sub-keys will result in slower operation, but it should still be possible to encrypt data without any pre-computations. Consists of a variable number of iterations. For applications with a small key size, the trade-off between the complexity of a bruteforce attack and a differential attack make a large number of iterations superfluous. Hence, it should be possible to reduce the number of iterations with no loss of security (beyond that of the reduced key size). Uses sub-keys that are a one-way hash of the key. This allows the use of long passphrases for the key without compromising security. Has no linear structures that reduce the complexity of exhaustive search. Uses a design that is simple to understand. This facilitates analysis and increase the confidence in the algorithm. In practice, this means that the algorithm will be a Feistel iterated block cipher. B. Example of Blowfish Algorithm: For the test case of a key of 0x0000000000000000 and a text input of 0x0000000000000000, the first step is to XOR the key with the P array, but with a key of all zeroes, that will result in the P array being unchanged, so will still have the hex values of pi that it starts with. Then a 64-byte text string (0x0000000000000000) is encoded using the current P array and S-boxes, and the result gets split to replace P1 and P2. Then that same output is encoded again (using the new P1 and P2 values) to get another output, which is used to replace P3 and P4. This continues until all the P values are changed, and the S-boxes. Doing that process, we get the

Schneier on Security: Review of TriStrata Public Information

Review of TriStrata Public Information. ... and none of the security proofs about a one-time pad ... A pseudo one-time pad encryption algorithm can ...Read more

Performance Analysis of Data Encryption Algorithms

This paper aims to show a performance comparison between different encryption algorithms. ... one encryption algorithm ... security mechanism, Blowfish ...Read more

SlideSearchEngine.com is a specialised online agregator and search engine! We collect presentations from publicly available sources.
These presentations are classified and categorized, so you will always find everything clearly laid out and in context.
We are staying up to date! We are looking for more relevant data on social networks.